In this episode we discuss the importance of documentation for your HIPAA compliance program. You can be doing everything right, but without documentation there is no way for you to show anyone else that is the case. If you can’t prove it, then you aren’t doing it as far as OCR is concerned.



A managed service provider (MSP) is a third-party contractor that is under contract (usually for a monthly fee) to provide ongoing technology support to other organizations.




  • OCR says “don’t just tell me you are compliant, show me you are”
  • What do you need to document
    • Policies and Procedures, including archive history
    • Risk Analysis and Risk Assessment
    • Training for workforce (who, what, where, when)
    • Risk Mitigation project plans
    • Issue/Incident details
    • BAAs and BA Due Diligence
    • Activity monitoring reports and logs
    • Audit plans and results
    • Assessment plans and results
    • Inventories of software, hardware, etc.
    • Breach response plans and documentation
  • Spreadsheets and documents in folders or document management tools
  • Compliance Management tools